import OpenSSL.crypto

# 加载 CA 证书
with open("ca.crt", "rb") as f:
    ca_cert_pem = f.read()
    ca_cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, ca_cert_pem)

# 加载服务器证书
with open("server.crt", "rb") as f:
    server_cert_pem = f.read()
    server_cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, server_cert_pem)

# 创建一个 X509Store 对象并添加 CA 证书
store = OpenSSL.crypto.X509Store()
store.add_cert(ca_cert)

# 创建一个 X509StoreContext 对象并验证服务器证书
store_ctx = OpenSSL.crypto.X509StoreContext(store, server_cert)
try:
    store_ctx.verify_certificate()
    print("服务器证书由 CA 证书签发，验证通过。")
except OpenSSL.crypto.X509StoreContextError as e:
    print("服务器证书验证失败:", e)
